Do we need a Risk Register for ISO 9001:2015

Z

zoolieu

#1
It appears that a "risk register" is not required for ISO 9001:2015.
We always post issues, situations, risks, concerns and potential problems on a large dry erase board so that the issues do not get forgotten.
Would it also be necessary to draft a register to house these risks and resolutions in?
We have our audit in 3 weeks.
On a side note - we are a distributor (not MFG) and very small company of 5
 
Elsmar Forum Sponsor
B

BoardGuy

#2
Although 6.1 specifies that the organization shall plan action to address risk there is:

a) No requirement for formal methods for risk management
b) No requirement to document risk management process
c) No requirement to retain documented information as evidence of determination of risks.

This part of the Standard has developed in to a cottage industry of risk based thinking gurus that could lead you in to performing FMEAs for all process. We developed a simple spreadsheet that addresses both Section 4 and 6.1 requirements. Our spreadsheet looks at:

a) Interested parties and their reason for interest
b) Internal issues of concern
c) External issues of concern
e) Organizational risks and how they are addressed

In the end you should not just create something to address 6.1. You should develop needed information that is helpful to top management and the organization.
 
Z

zoolieu

#3
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
 

Kronos147

Trusted Information Resource
#4
At our shop, we found something we already capture, NCR's, in our NCR log, and added an NCR classification, Risk.

We look to see what methods we already have and expand upon them as opposed to develop new processes.

We also have a quote review checklist. We added a section to document Risks.

We have a process to qualify vendors and issue PO's. We integrated risk management.
 
B

BoardGuy

#5
Thank you kindly for the clear and well drafted response.
May I ask where you house this spreadsheet so that it is accessible to all?
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
 
Z

zoolieu

#6
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
 
J

Jim Green

#7
I apologize - I wasn't asking to view the doc - just where do you keep in your company so that it is accessible? In a binder? On a shared drive?
I am not an expert, but I would keep it in an electronic folder. Then present hard copy during Mgr Review. That way it's covered.

In my experience, the more you have presented in Mgr Review, the more efficient and easy your external/3rd party audits tend to be.

I am going to start off very simple at first. Trying to capture major processes, and see how it goes.
 
Z

zoolieu

#8
So - I have a bit to add that I hope will deem helpful.
You do NOT have to have a "register" per se, but you do need to have a MR, so that all has to be integrated. We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
 

Mark Meer

Trusted Information Resource
#9
We have a large dry erase board that I have divided up by sections that have risk: shipping, purchasing, etc. We toss up issues as they arise, discuss and manage in the meetings and then keep a running "risk register" Just excel doc - on a shared folder for reviewing and history. Hope that works!
I would strongly suggest moving this activity to a shared document/spreadsheet, instead of a dry-erase board. ISO requirements aside, I think it's important to have some lasting record of activities you do... it makes it easier to look back later and make decisions based on past activities.

Google Docs is a good possibility as it is free, any number of people can collaborate simultaneously, and revision histories are maintained.

If people are at their computers daily, you could set it to people's home-page, thus (more-or-less) ensuring that everyone sees it daily...
 

dsanabria

Quite Involved in Discussions
#10
[FONT=&quot]Sorry, I cannot provide because it is consider to be a proprietary document of my employer.[/FONT][FONT=&quot][/FONT]
You could do a "PM" Private Message and not make your documentation to the whole world - thus not violating proprietary laws because no one will know or find out. :cool:
 
Thread starter Similar threads Forum Replies Date
M Need Help With Information Security Asset Risk Register IEC 27001 - Information Security Management Systems (ISMS) 2
Melissa Risk Management Process, How far do I need to go? ISO 14971 - Medical Device Risk Management 13
D Low risk IVD study in the UK, do I need MHRA approval? UK Medical Device Regulations 1
R The term "Benefit Risk Ratio" in EU MDR, do I need to present benefit risk analysis as a RATIO Risk Management Principles and Generic Guidelines 4
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
V How to Publish/Convince Stake Holders about need/utility of Risk Management Systems FMEA and Control Plans 6
S Do HF Accessories need to perform a Risk Management Process of 60601-1:2005? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
D PA, CA and Risk-Based Decision Making - Need Input Preventive Action and Continuous Improvement 7
W Need risk acceptance policy/criteria ISO 14971 - Medical Device Risk Management 3
A ISO14971:2001 - Risk Management for Medical Devices - Help need copy ISO 14971 - Medical Device Risk Management 10
R Reduce the need for authorisation of low risk changes Document Control Systems, Procedures, Forms and Templates 3
K Subcontractors Providing Services Under MDD or MDR need ISO 13485 from EU Notified Body? CE Marking (Conformité Européene) / CB Scheme 3
E Need some peer advice Quality Manager and Management Related Issues 18
S Need clarification on UKCA and "Approved Body" UK Medical Device Regulations 7
S What types of changes need to be notified to NBs? Registrars and Notified Bodies 1
B Do I need a Cleanroom to manufacture Medical Devices? ISO 13485:2016 - Medical Device Quality Management Systems 2
J CMO in Canada do they need MDSAP/13485 certification? ISO 13485:2016 - Medical Device Quality Management Systems 1
M Attempting to Poke Yoke a wire crimping process...need help Design and Development of Products and Processes 3
C I need your help to find the action plan for these quality objectives Misc. Quality Assurance and Business Systems Related Topics 23
C Class 1 non-sterile device, need certified QMS or not? EU Medical Device Regulations 2
Steve Prevette I need a template to solve world hunger, a world class Quality Program, and make lots of money Coffee Break and Water Cooler Discussions 5
C Need to understand difference between an actual Calibration vs. a Calibration check General Measurement Device and Calibration Topics 3
S How many tester quantity we need on the line based on the cycle time and peak volume Manufacturing and Related Processes 3
R Need help on calibration result analysis Measurement Uncertainty (MU) 17
M Do i need to have equipment validation if 100% testing is completed? Qualification and Validation (including 21 CFR Part 11) 6
G Need Help with Run @ Rate for Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 0
F Need help in IMS management review Management Review Meetings and related Processes 3
S I need help in corrective action plan Nonconformance and Corrective Action 15
A Do clinical performance studies for IVDs need to be conducted in a member state? EU Medical Device Regulations 2
A Do clinical performance studies for IVDs need to be conducted in a member state? CE Marking (Conformité Européene) / CB Scheme 0
D Weird spec sheet - need help Measurement Uncertainty (MU) 3
E Do I need test reports for all standards mentioned in my 510k application? Other Medical Device Related Standards 8
J Japan registration need manual without temperature reading Japan Medical Device Regulations 0
Ashland78 Need IATF 16949 ISO Gap Analysis Excel File Internal Auditing 3
R Need for an Importer outside EU? EU Medical Device Regulations 0
T Do I need to add non-product related service providers to my ASL? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 12
K Need Help With Auditing Suppliers Against ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 50
A Need career advice on QMS & HSE (No hands on experience) Career and Occupation Discussions 6
B Need assistance with documents CE Marking (Conformité Européene) / CB Scheme 2
R Lead auditor scenario (Need help) is this non conforming to ISO13485 Manufacturing and Related Processes 2
Ashland78 Need to show evidence in accordance with QR-11012 and SPB-00001-09 Customer and Company Specific Requirements 5
E Does IVD need to integrate with hospital IT infrastructure? Medical Information Technology, Medical Software and Health Informatics 2
U Need Help With API Q2 Quality Manual Oil and Gas Industry Standards and Regulations 8
S In Need of GIDEP Guidance AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M Do employee training records need to be controlled documents? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
D What evidence do I need to supply as a remote location in relation to manufacturing sites? IATF 16949 - Automotive Quality Systems Standard 14
T Non API products need to comply to API Q1? Oil and Gas Industry Standards and Regulations 3
G Need journal and reference of abnormal bar chart SPC Statistical Analysis Tools, Techniques and SPC 4
MSeibert47 Daily Quality Topics - Need Ideas Please! Food Safety - ISO 22000, HACCP (21 CFR 120) 18
W Do Reference materials for IATF need to be 17025? IATF 16949 - Automotive Quality Systems Standard 15

Similar threads

Top Bottom